Information Security Awareness in Public Administrations

Government digital agendas worldwide go hand in hand with the digital transformation in businesses and public administrations as well as the digital changes taking place in society. Information security (IS) and awareness (ISA) must be an integrated part of these agendas. The goal of IS is to protect information of all types and origins. Here, the employees play a necessary and significant role in the success of IS, and the entire staff of an institution need to know about their specific roles and be aware of the information security management system (ISMS). As there are still fundamental strategic deficiencies in the institutions themselves, humans should not be called "the weakest link" in the security chain. Rather, sustainable awareness-raising and training for people should be established in the institutions using interactive, authentic, and game-based learning methods. Psychological studies show the great importance of emotionalization when communicating IS knowledge and the reliable exchange of experience about IS. However, in many institutions, a change in culture is becoming necessary. IS must be integrated into all (business) processes and projects, and viable safeguards must be included. This chapter summarizes the most important scientific findings and transfers them to the practice of public administrations in Germany. Moreover, it shows examples of learning methods and provides practical assistance for IS sensitization and training.